Crypto geeks learn to think like criminals

Net Results: After a four-year hiatus, I finally made it to San Francisco at the same time as one of my all-time favourite technology events, the RSA Data Security conference.

Given time in the city by the bay, some might prefer to spend the day sightseeing on Alcatraz, driving across the Golden Gate, or shopping in Union Square, but give me 13,000 cryptography geeks - many of them men with longer hair than mine given to telling algorithm jokes - any old day.

The first time I went to RSA it was held, rather bizarrely, in the facilities of three of the most exclusive hotels in San Francisco, at the top of posh Nob Hill. Back then, in 1997, about 3,000 attendees showed up to talk security issues - too few to use the huge Moscone Centre where it is now based, and too many for a single hotel ballroom.

At the time, I was just getting interested in the security arena, privacy issues, the world of crackers and hackers and the underground culture surrounding them, and the court battles in the US over PGP (Pretty Good Privacy), the free encrypted e-mail program that the US government felt could aid and abet terrorists (its creator said on the contrary, that it created a safe communications environment for pro-democracy and human rights activists in dangerous parts of the world).

At that first RSA, I was introduced to the famous Cryptographer's Round Table, which year after year usually has the same panel of A-list crypto guys, including Ron Rivest (the 'R' in RSA) and my personal favourite, Whitfield Diffie. Much of it was over my head, but through it I learned where to read up, what the key issues were and where these people thought the sector was going.

Of course, they have often been wrong, which is much of the fun of seeing the panel each year. This year, they showed clips of each panellist making predictions in previous years when they had more optimism (and hair).

Many of the predictions drew laughter from the audience, as did the panel's response to seeing their former selves and hearing their confident statements of yesteryear.

The laughter, though, came not from belittlement but from genuine enjoyment at how tricky this area is. It is hard to make predictions in the technology industry, which changes so quickly and whose new challenges are so hard to visualise in advance.

Even more so in the security sector, which deals not just with marketing dilemmas but with scheming minds that seek to undercut its work for destructive fun or criminal reward - or both.

That slipperiness and special challenge was clearly examined this year, as it is every year, by my other favourite annual event at RSA: the session given by crypto god Bruce Schneier.

Schneier wrote a book many years ago called Applied Cryptography that anyone with even a remote interest in the sector keeps like a bible on the shelf.

He writes a monthly email newsletter called the Crypto-Gram, which has made his views on security - especially post 9/11 - highly political as well.

His session is always packed and, unlike those held by many of the key industry figures, is also perfectly understandable to a general audience.

And no matter what he is speaking about, you know his take will be fresh and thought-provoking. He has the ability of a preacher to take a complicated topic and get it into analogies and metaphors that a lay community can understand and identify with.

This year, he used a bank vault metaphor to explain why security was not an add-on "solution" that protects your computer networks, but is instead a complex system in its own right.

For example, a bank vault does not sit in isolation, but is part of an established routine for storing and removing valued items. Who gets access to the vault and under what circumstances is all part of the system. Guards, combinations, transport - with a physical vault as with computer security, the system adds complexity rather than simply "protecting" something.

I was also struck by his assertion that good security people don't extol the protective features of a security system but think of how to break things.

They need to think like an attacker - and an attacker is part of the whole security system. One must assume an attacker's existence and consider constantly how to foil the attacks they are going to make, isolating the attacker from the rest of the system.

How obvious yet how contrary to the way most approach security.

Another intriguing point - "smart attackers look for leverage", and, yes, "technology gives more leverage". The very thing we are accustomed to thinking of as removing leverage, actually adds it.

That goes back to his first point - security is a system, not a protector of a system, and its complex technologies always offer new opportunities for attack, even as they may close down others.

That is why we continue, year after year, to have further attacks, further hacks, further exploits. "Complexity is making the problem worse, faster," as Mr Schneier says. Does that make the whole situation hopeless? Of course not.

As Mr Schneier also noted: "Attacks don't change. There hasn't been a new attack invented in millennia. Identity theft is ancient!"

The technological footholds used to gain access, however, do change. Given a specific range of attacks, what are the weaknesses in the system that can enable those attacks? He went on to run through what he considers as the weak spots in any system, from people to the way computer ports are accessed.

The audience's questions afterwards took the session into the highly technical realm.

Leaving the room afterwards, I enjoyed the buzz that comes from an audience after the kind of session that woke you up, rather than putting you to sleep.

If you like this kind of discussion too but aren't up for reading Applied Cryptography, try subscribing to the Crypto-Gram at http://www.schneier.com/crypto-gram.html.

klillington@irish-times.ie weblog: http://weblog.techno-culture.com

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology